[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Open issues on the Crypto-Agility Requirements draft

To: Bernard Aboba <bernard_aboba@hotmail.com>
Subject: Re: Open issues on the Crypto-Agility Requirements draft
From: Alan DeKok <aland@deployingradius.com>
Date: Thu, 11 Jun 2009 17:55:24 +0200
Cc: Glen Zorn <glenzorn@comcast.net>, "David B. Nelson" <d.b.nelson@comcast.net>, "radiusext@ops.ietf.org" <radiusext@ops.ietf.org>
In-reply-to: <BLU137-W9DD3965427223B03AC30493420@phx.gbl>
References: <50C5A1D479B047E5811E487440A824F0@NEWTON603> <4A30AA2C.4060803@deployingradius.com> <4C47BAE932794C2880E4F016A803AA52@NEWTON603> <00a901c9eaa7$ce5ae070$6b10a150$@net> <BLU137-W9DD3965427223B03AC30493420@phx.gbl>
User-agent: Thunderbird 2.0.0.21 (Macintosh/20090302)

Bernard Aboba wrote:
> My understanding is that many Diameter deployments use no security at all,
> making them much *less* secure than RADIUS.

  I've seen that, too.

> And these deployments are with NASes that are considerably more expensive
> than a mass market access point. 
> 
> I'm not sure whether the issue is operational (too hard to configure) or
> with the implementation. 
> 
> But something, somewhere, appears to have gone very wrong.

  It's harder to insert traffic into a TCP connection than to forge UDP
packets.  But it's not impossible.

  Alan DeKok.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

References:
- Open issues on the Crypto-Agility Requirements draft
  - From: "Dave Nelson" <d.b.nelson@comcast.net>
- Re: Open issues on the Crypto-Agility Requirements draft
  - From: Alan DeKok <aland@deployingradius.com>
- RE: Open issues on the Crypto-Agility Requirements draft
  - From: "Dave Nelson" <d.b.nelson@comcast.net>
- RE: Open issues on the Crypto-Agility Requirements draft
  - From: "Glen Zorn" <glenzorn@comcast.net>
- RE: Open issues on the Crypto-Agility Requirements draft
  - From: Bernard Aboba <bernard_aboba@hotmail.com>

Prev by Date: RE: Open issues on the Crypto-Agility Requirements draft
Next by Date: Re: REMINDER: Call for review of the "NAI-based Peer Discovery" document for acceptance as a RADEXT WG work item
Previous by thread: RE: Open issues on the Crypto-Agility Requirements draft
Next by thread: RE: Open issues on the Crypto-Agility Requirements draft
Index(es):
- Date
- Thread